Thread: Red V symbol (log file not valid) after OLC upload.
View Single Post
  #2  
Old November 24th 11, 10:22 AM posted to rec.aviation.soaring
Peter Purdie[_3_]
external usenet poster
  
Posts: 103
Default Red V symbol (log file not valid) after OLC upload.
No practical cryptography is immune from mathematical analysis, ask the
NSA. It's just that the analysis may take a few hundred years at the
present state of computing (but Moore's law applies).

What makes you think that all flight recorders of one type have the same
private key?

Security is deemed to be sufficiently good to make it easier to break a
World Record than to break the security; that's all that is needed.

What the OLC requires is a matter for them, but since they are siiting in a
room maybe continents away from the location of the flight, I guess they
thing IGC file verification is necessary.

Flight recorders make the OLC possible - don't knock it.

At 07:36 24 November 2011, Max Kellermann wrote:
Cliff Hilty wrote:
Im still trying to figure out why any of the files have to be "secure"
!
Security is an illusion. I thought the intent of the OLC was to promote
more people flying and friendly competition. Still scratching my head
with
all of this regulatory crap.

Exactly my thought. Requiring so-called "secure" files limits the
access to such a site artificially, and is no more than promoting the
commercial logger industry.

After all, we are all in it for the money and the girls right? If
they want to cheat that bad let them.

When manufacturers don't publish their cryptographic algorithms, it's
a sure sign that they were not designed properly ("Snake Oil"),
because good cryptography is one that withstands mathematical
analysis.

No IGC logger has a published verification procedure. The vendors
publish closed-source EXE files for validation, as a black-box that
magically tells you if a signature is correct.

If you want to cheat, just buy two loggers. Both will have the same
"private key" needed for signing. Open one (carefully, so it will not
trigger key deletion), extract the private key, and use that private
key to sign fake flights for the serial number of the second logger.

(And that's not even exploiting potential mathematical flaws in the
signature algorithm!)

This kind of security is an illusion, and not worth the hundreds of
dollars we spend on it.

Max